From 9c94172852694cfc7c4cb64e2ea4cef6c5c3f9d6 Mon Sep 17 00:00:00 2001 From: kink Date: Mon, 26 Apr 2004 15:29:02 +0000 Subject: [PATCH] Responses from servers could legitimately contain < chars, make sure it goes well. git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@7260 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- src/configtest.php | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/src/configtest.php b/src/configtest.php index e9d946c4..f60b67ab 100644 --- a/src/configtest.php +++ b/src/configtest.php @@ -180,31 +180,33 @@ if($useSendmail) { $errorNumber, $errorString); if(!$stream) { do_err("Error connecting to SMTP server \"$smtpServerAddress:$smtpPort\".". - "Server error: ($errorNumber) $errorString"); + "Server error: ($errorNumber) ".htmlspecialchars($errorString)); } // check for SMTP code; should be 2xx to allow us access $smtpline = fgets($stream, 1024); if(((int) $smtpline{0}) > 3) { - do_err("Error connecting to SMTP server. Server error: ".$smtpline); + do_err("Error connecting to SMTP server. Server error: ". + htmlspecialchars($smtpline)); } fputs($stream, 'QUIT'); fclose($stream); - echo $IND . 'SMTP server OK ('.trim($smtpline).")
\n"; + echo $IND . 'SMTP server OK ('. + trim(htmlspecialchars($smtpline)).")
\n"; /* POP before SMTP */ if($pop_before_smtp) { $stream = fsockopen($smtpServerAddress, 110, $err_no, $err_str); if (!$stream) { - do_err("Error connecting to POP Server ($smtpServerAddress:110)" - . " $err_no : $err_str"); + do_err("Error connecting to POP Server ($smtpServerAddress:110) " + . $err_no . ' : ' . htmlspecialchars($err_str)); } $tmp = fgets($stream, 1024); if (substr($tmp, 0, 3) != '+OK') { do_err("Error connecting to POP Server ($smtpServerAddress:110)" - . ' '.$tmp); + . ' '.htmlspecialchars($tmp)); } fputs($stream, 'QUIT'); fclose($stream); @@ -218,18 +220,21 @@ $stream = fsockopen( ($use_imap_tls?'tls://':'').$imapServerAddress, $imapPort, $errorNumber, $errorString); if(!$stream) { do_err("Error connecting to IMAP server \"$imapServerAddress:$imapPort\".". - "Server error: ($errorNumber) $errorString"); + "Server error: ($errorNumber) ". + htmlspecialchars($errorString)); } $imapline = fgets($stream, 1024); if(substr($imapline, 0,4) != '* OK') { - do_err('Error connecting to IMAP server. Server error: '.$imapline); + do_err('Error connecting to IMAP server. Server error: '. + htmlspecialchars($imapline)); } fputs($stream, '001 LOGOUT'); fclose($stream); -echo $IND . 'IMAP server OK ('.trim($imapline).")
\n"; +echo $IND . 'IMAP server OK ('. + htmlspecialchars(trim($imapline)).")
\n"; echo "Checking internationalization (i18n) settings:
\n"; echo "$IND gettext - "; @@ -309,7 +314,8 @@ if($addrbook_dsn || $prefs_dsn || $addrbook_global_dsn) { $dbh = DB::connect($dsn, true); if (DB::isError($dbh)) { - do_err('Database error: '. DB::errorMessage($dbh) . ' in ' .$type .' DSN.'); + do_err('Database error: '. htmlspecialchars(DB::errorMessage($dbh)) . + ' in ' .$type .' DSN.'); } $dbh->disconnect(); echo "$IND$type database connect successful.
\n"; -- 2.25.1